bpf-restrict-fs: use a 32-bit magic key on big-endian too 42840/head
authorLuca Boccassi <luca.boccassi@gmail.com>
Wed, 1 Jul 2026 16:03:06 +0000 (17:03 +0100)
committerLuca Boccassi <luca.boccassi@gmail.com>
Wed, 1 Jul 2026 21:46:45 +0000 (22:46 +0100)
The inner map is created with a uint32_t key, but the update passed
&magic[i] where magic is a (possibly 64-bit) statfs_f_type_t. On
little-endian the low 32 bits happen to be read; on big-endian 64-bit
(s390x, ppc64 BE) the zero high word is read instead, so every
filesystem collides on key 0 (the allow/deny selector) and
RestrictFileSystems= is silently broken. Pass a truncated copy.

Follow-up for 184b4f78cfbded54a6e06bbe1152256c204a7a73

src/core/bpf-restrict-fs.c

index 93f7b800b5b57f88b11bea34394700c8310184cc..5cae80a31351d9f747828c03237fd988a19c1305 100644 (file)
@@ -173,7 +173,10 @@ int bpf_restrict_fs_update(const Set *filesystems, uint64_t cgroup_id, int outer
                         if (magic[i] == 0)
                                 break;
 
-                        if (sym_bpf_map_update_elem(inner_map_fd, &magic[i], &dummy_value, BPF_ANY) != 0) {
+                        /* The map key is uint32_t but statfs_f_type_t may be 64-bit, pass a truncated copy
+                         * to avoid breaking on big endian arches. */
+                        uint32_t key = magic[i];
+                        if (sym_bpf_map_update_elem(inner_map_fd, &key, &dummy_value, BPF_ANY) != 0) {
                                 r = log_error_errno(errno, "bpf-restrict-fs: Failed to update BPF map: %m");
 
                                 if (sym_bpf_map_delete_elem(outer_map_fd, &cgroup_id) != 0)
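Review bot: The end-of-list test `if (magic[i] == 0)` at the top of the hunk still compares the full-width statfs_f_type_t, while the value written to the inner map is now the truncated `key`, so the two can disagree. A magic whose low 32 bits are zero but whose upper bits are set would pass that test and then be stored under key 0, which the commit message identifies as the allow/deny selector, so it would alter the policy entry instead of adding a filesystem. Known filesystem magics presumably fit in 32 bits, so this is defensive, but since the narrowing is now deliberate it is worth checking it: after `uint32_t key = magic[i];` add a guard such as `if (key == 0 || (statfs_f_type_t) key != magic[i])` that logs and skips the entry. The enclosing loop and the rest of bpf_restrict_fs_update() lie outside this hunk, so the exact error path should follow whatever the surrounding code does.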